su - <user> switches to <user> before doing anything else, so the NodeJS server is going to be started as your user and not have any clue about root running the su command, and since users aren't allowed to use privileged ports this is never going to work.

There are two ways to work around this that I can think of off the top of my head:

Using a file capability that will let unprivileged users open privileged ports. Though they generally don't work on scripts in this case they should since, as far as I know, you start the server using node <filename>. (Correct me if I'm wrong tho.)

Using a reverse-proxy like NGINX that sits in front of the application server, running as root. In this case users connect directly to NGINX which then proxies the connections to the application server, but more easily lets you run multiple servers/instances and lets NGINX cache resources. This tends to be the generally preferred approach when it comes to deploying application servers.

[edit:]
The GNU/Linux capability you are looking for is cap_net_bind_service. On Solaris, use PRIV_NET_PRIVADDR.
For more detailed information, see man capabilities(7) (Linux) or man privileges(5) (Solaris).